WordPress is one of the most popular Content Management Systems (CMSs) currently.
However, it is not perfect, and it is continuously being further developed and improved.
WordPress should be regularly updated to ensure optimal functionality and performance. WordPress updates can be time-consuming — and problematic if not done promptly.
So, to answer the important question — how frequently should all things WordPress be updated? As often as needed!
WordPress Core Updates
WordPress core files make up the base of your site’s code. These files can be downloaded from the WordPress Repository, and they are already included in all the Managed WordPress and Managed WooCommerce plans offered by Nexcess.
An example of the WordPress core filesystem is shown below:
-rw-rw-r-- 1 a6a75cbd a6a75cbd 0 Jan 23 23:22 favicon.ico -rw-r--r-- 1 a6a75cbd a6a75cbd 3369 Jan 23 23:19 index.html -rw------- 1 a6a75cbd a6a75cbd 405 Jan 23 23:20 index.php -rw-r--r-- 1 a6a75cbd a6a75cbd 19915 Jan 31 08:23 license.txt -rw-r--r-- 1 a6a75cbd a6a75cbd 7346 Jan 31 08:23 readme.html -rw-r--r-- 1 a6a75cbd a6a75cbd 816 Jan 23 23:19 robots.txt -rw-r--r-- 1 a6a75cbd a6a75cbd 7165 Jan 24 06:29 wp-activate.php drwx--s--x 9 a6a75cbd a6a75cbd 4096 Jan 31 08:23 wp-admin -rw------- 1 a6a75cbd a6a75cbd 351 Jan 23 23:20 wp-blog-header.php -rw-r--r-- 1 a6a75cbd a6a75cbd 2328 Jan 31 08:23 wp-comments-post.php -rw------- 1 a6a75cbd a6a75cbd 3598 Jan 31 08:45 wp-config.php -rw-r--r-- 1 a6a75cbd a6a75cbd 3004 Jan 31 08:23 wp-config-sample.php drwx--s--x 10 a6a75cbd a6a75cbd 256 Jan 31 09:10 wp-content -rw-r--r-- 1 a6a75cbd a6a75cbd 3939 Jan 24 06:29 wp-cron.php drwx--s--x 26 a6a75cbd a6a75cbd 12288 Jan 31 08:23 wp-includes -rw------- 1 a6a75cbd a6a75cbd 2496 Jan 23 23:20 wp-links-opml.php -rw-r--r-- 1 a6a75cbd a6a75cbd 3900 Jan 24 06:29 wp-load.php -rw-r--r-- 1 a6a75cbd a6a75cbd 45463 Jan 31 08:23 wp-login.php -rw-r--r-- 1 a6a75cbd a6a75cbd 8509 Jan 31 08:23 wp-mail.php -rw-r--r-- 1 a6a75cbd a6a75cbd 22297 Jan 31 08:23 wp-settings.php -rw-r--r-- 1 a6a75cbd a6a75cbd 31693 Jan 31 08:23 wp-signup.php -rw-r--r-- 1 a6a75cbd a6a75cbd 4747 Jan 24 06:29 wp-trackback.php -rw-r--r-- 1 a6a75cbd a6a75cbd 3236 Jan 24 06:29 xmlrpc.php
WordPress core updates usually patch security issues with WordPress sites. Failing to update the WordPress core will leave your site vulnerable to various malicious attacks.
WordPress Themes Updates
WordPress themes contain visual customizations for your site and, as such, can be tricky to update. The best practice, in this case, would be to use a child theme when customizing your site. That way, WordPress theme updates will not affect your site, and you will not need to make as many changes to it.
Current WordPress themes are more complicated and time-consuming when it comes to updating them. Due to all the features they contain, they are prone to breaking the site’s functionalities if not updated often.
Depending on your theme, theme updates might be available in the WordPress dashboard directly. If you’re using a custom theme, you might need to download its new version from the developer and upload the new files via FTP or SSH.
WordPress Plugins Updates
Plugins offer a wide variety of functionalities you can add to your website. To function correctly, they will need to be compatible with each other, and the theme you are using on your website.
Different plugins have different vendors, and just as theme updates, some of them will be available in the WordPress dashboard.
In contrast, others will need to be updated by manually uploading new files. As with WordPress core files and themes, you will need to update plugins accordingly to have a fully functional and secure site.
How to Update WordPress Components?
First, as every little update has the great potential to break things, the most important thing you will need to do is to make a backup of the site. The backup can be created using a plugin in the Nexcess Portal or manually by copying the whole site to your local machine.
Once you are confident you have a backup of the working site, you can use the WordPress dashboard to update your plugins, themes, or core files:
We have quite a few updates to make in this particular case, including three plugin updates, four theme updates, and a core update from WordPress version 5.8.3 to 5.9.
The best way to do these updates would be to go one by one.
Complete one update, confirm everything is still functioning, complete another one and recheck again. As you can see, making sure your site is up to date can be quite time-consuming.
Lucky for us, there are a couple of ways to automate WordPress updates:
- Using the WordPress CLI
- Through the Nexcess Portal
- Using the default WordPress built-in feature
- Using the iThemes Sync Pro plugin
- Using the iThemes Security Pro plugin
iThemes Security Pro: Managing Automatic Updates
iThemes Security Pro is primarily a security plugin for WordPress, which has many built-in features and intelligent defaults to help secure your site.
Note: iThemes Security Pro 7.0 requires WordPress 5.7 and PHP 7.0 or later.
Among other security features, iThemes Security Pro also allows you to set up automatic updates for various sections of your website. The first thing it will show in the dashboard is a summary of updates needed unless they were initially configured for automatic updates.
When you get to its Version Management section, you’ll see four main sections:
- WordPress Updates (if selected, it will automatically install the newest versions of core files once available)
- Plugin Updates
- Theme Updates
The Plugin Updates section will allow you to select which plugins you’d like updated immediately when available, which you’d like to skip updates entirely, and for which you’d like to set a delay for updates in case they’re not entirely stable or compatible with other versions of software on the site.
Theme update will also allow you to select which themes you’d like to update immediately, which you’d like not to update entirely, and which you’d like to update with a delay.
For most Managed WordPress or Managed WooCommerce plans, the site you’re working on will be the only site in existence. Therefore “Scan for Old WordPress Sites” will apply only to the site you’re working on.
However, if the site you’re working on is a part of the Flexible Cloud Plan or any other hosting plan, you’ll probably have other sites using the same Unix user. In that case, “Scan for Old WordPress Sites” will be useful to check other sites sharing your site’s resources. This way, you’ll be able to ensure they’re up to date and not a vulnerability.
If you haven’t created a backup or the update you performed broke the site, our Support Team will be happy to help in any way possible.
Sometimes, the quickest way to fix an issue would be to restore a site from a backup or roll back the change made. That’s the main reason working backups are crucial to have on hand.
Not a Nexcess customer yet?
Check out our fully managed hosting plans to get started today.
iThemes Security Pro FAQs
What are the Differences Between the iThemes Security Pro Paid Plugin & iThemes Security Free Plugin Versions?
The iThemes Security Pro paid plugin version includes all the iThemes Security free plugin version features, but the paid plugin version also has the following features: Security Dashboard, Two-Factor Authentication, Trusted Devices, reCAPTCHA, Version Management, User Security Check and User Logging, Settings Import and Export, Privilege Escalation, Passwordless Login, Malware Scan Scheduling, and Magic Links.
How Do You Use the iThemes Security Free Plugin or the iThemes Security Pro Paid Plugin?
Download and install the plugin. Then activate it. After activation, you will see a new Security option in the panel on the left. Select the Security option to run the initial security check on your site. During the security check, the plugin will enable various modules to protect your site. Click the Secure Site button to start this process.